The Trump administration should continue efforts to address nation state threats to critical infrastructure and prioritize securing federal networks, according to former National Security Council official Caitlin Clarke, who reflected on her activities under former President Biden and a new job at law firm Venable.
“There should be a continued focus on protecting critical infrastructure from the sophisticated nation state threats we’ve been seeing. I used to call them the ‘various typhoons.’ And a continued focus on supporting critical infrastructure to understand those threats and identify ways the federal government can support critical infrastructure in preventing, mitigating and detecting those threats,” Clarke said in an interview with Inside Cybersecurity.
Clarke joined the NSC in July 2023 as Special Assistant to the President and senior director for cyber and emerging technology. Prior to moving to the NSC, Clarke spent six months at the Office of the National Cyber Director as assistant national cyber director for planning and operations.
Caitlin Clarke, former Senior Director for Cyber and Emerging Technology on the National Security Council
Clarke said she also wants to see the new administration have a “continued focus on federal network protections. What we learn from protecting federal networks is a target of nation state actors and then it informs that other piece about protecting critical infrastructure.”
There is a “feedback loop” where protecting critical infrastructure and federal networks “complement each other,” Clarke said. She emphasized, “And I would like to see a focus on those areas continue and just raising the bar on cybersecurity to protect critical infrastructure, ensuring we have the services we rely on, that they aren’t disrupted by cyber attacks.”
Clarke’s background is in emergency management. She spent several years at the Federal Emergency Management Agency and started to focus more on cyber when former President Obama’s Presidential Policy Directive 41 was released in 2016. Clarke also spent time in the private sector at American Express before joining ONCD in 2022.
At the NSC, Clarke was responsible for implementing the U.S. Cyber Trust Mark program which was announced before her predecessor Steve Kelly left to join the Institute for Security and Technology.
Clarke said, “I was really proud to keep that ball moving forward with the FCC to get that program in place. There’s a program administrator now and it’s an important step forward for cybersecurity and consumers so consumers can make smarter decisions about the devices they bring into their homes.”
Creating “minimum standards” is important for “consumers and companies who are investing in cybersecurity to be able to differentiate themselves in the marketplace,” Clarke said.
Under her tenure, the NSC announced an agreement in 2024 with the European Union to establish reciprocity between the U.S. Cyber Trust mark and the EU Cyber Resilience Act.
Clarke said, “Before I came into government, I was working at a global financial sector company dealing with regulations not only in the U.S. but around the world. One of the things I really wanted to focus on is trying to ensure as we moved out with the U.S. Cyber Trust Mark, we did so in a way that was aligned with the EU, understanding they were in the midst of building out their own labeling program.”
“So I wanted to make sure we were building a program and working with the EU to ensure that companies who were building to the U.S. Cyber Trust Mark did not have to build two different products to be able to sell in the two different markets,” Clarke said.
She added, “The action plan that we worked on with the EU was another highlight of my time at the NSC.”
Clarke also played a role in implementing Biden’s 2021 cyber executive order and a subsequent EO published on Jan. 16 intended to build on lessons learned.
“The EO that was published at the end of the Biden-Harris administration was really focused on bringing some of the private sector practices to government on third party security,” Clarke said.
Clarke said, “Things like when I was in the private sector, we didn’t really take self-attestation on cybersecurity when we were partnering with other companies. There was a questionnaire, there was proof: ‘Yes, we had cyber policies and processes in place.’ And I’m really proud of bringing that concept in the EO that was released which is really about raising the bar for contractors and suppliers of the federal government.”
When it came to critical infrastructure, Biden’s Deputy National Security Advisor for Cyber Anne Neuberger was interested in putting in place sector-specific cyber regulations. One of those areas was port security where the Biden administration issued an executive order in February 2024 and a series of other actions to strengthen maritime cybersecurity and strengthen supply chain.
Clarke said the NSC’s work on port security “not only raised cybersecurity standards and baselines within the maritime transportation system but looked at cyber in a different way… in that we looked at cybersecurity but we also looked at the supply chain and key technologies within ports, specifically ship-to-shore cranes which are dominated by PRC vendors, and thought of innovative ways to partner with industrial policy partners within the White House to incentivize manufacturing of those cranes in the U.S. by non-PRC firms.”
“It was a way to talk about cybersecurity but also talk about supply chain manufacturing all that the same time. I’m very proud of the work that we did there,” Clarke said.
Venable is announcing the hiring of Clarke today where she will be working as a senior director for cybersecurity services.
Clarke said her new job will focus on “incident response,” leveraging her experience working in the space in the private sector and government. Clarke said, “I really enjoy working on the preparedness side on planning and exercises, making sure there are the processes in place so people know their roles ahead of a bad day.”
Clarke will also focus on supply chain risks and how to “move the need on cybersecurity through the supply chain,” leveraging her work at the White House to explore “where we might be able to go manage risk more broadly across all sectors by looking at some common technologies, common vendors.” -- Sara Friedman (sfriedman@iwpnews.com)